那些遇到过的问题

小编Den*_*s D的帖子

用于在IIS中强制SSL的"RESPONSE_Strict_Transport_Security"服务器变量

所以,我已经看到了其他答案和其他网站中使用的这个解决方案(http://www.hanselman.com/blog/HowToEnableHTTPStrictTransportSecurityHSTSInIIS7.aspx),但我不明白HSTS标头是如何添加的.我认为它与此有很多关系:

<match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
Run Code Online (Sandbox Code Playgroud)

有人可以解释"RESPONSE_Strict_Transport_Security"的来源吗?

完整代码:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="HTTP to HTTPS redirect" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                        redirectType="Permanent" />
                </rule>
            </rules>
            <outboundRules>
                <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
                    <match serverVariable="RESPONSE_Strict_Transport_Security"
                        pattern=".*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="on" ignoreCase="true" />
                    </conditions>
                    <action type="Rewrite" value="max-age=31536000" />
                </rule>
            </outboundRules>
        </rewrite>
    </system.webServer>
</configuration>
Run Code Online (Sandbox Code Playgroud)

c# asp.net iis ssl

Den*_*s D
lucky-day
7
推荐指数
2
解决办法
829
查看次数

标签 统计

asp.net ×1

c# ×1

iis ×1

ssl ×1